Vulnerability found in Schneider Electric’s ICS software

Users of Schneider Electric’s Unity Pro software are urged to download an upgrade, after a vulnerability was discovered in the software.

According to Indegy Labs, the vulnerability in Unity Pro allows any user to remotely execute code directly on any computer on which the software is installed. This vulnerability is present in every control network in the world that users Schneider Electric controllers.

Specifically, attackers are able to remotely access industrial controllers and use a manipulated.apx file to execute malicious code. As the delivery of the .apx file is an engineering control-plane activity executed over a proprietary control, it is difficult to detect. This is because these controllers tend to be unnamed, undocumented and unmonitored.

To detect these attacks, the proprietary control-plane protocols of ICS networks must be monitored, said Indegy.

Users are urged to download an upgrade which was released by Schneider after being alerted of the vulnerability. The company has also released a security notice that instructs users on threat mitigation.

Schneider was notified about the vulnerability by Indegy approximately six months ago. Details of the vulnerability were released this week in order to give Schneider a chance to amend its software.